2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]..------- Supplementary Scan -------.uStart Page = [You must be registered and logged in to see this link.]uInternet Settings,ProxyServer = http=127.0.0.1:5577uInternet Settings,ProxyOverride = <local>Trusted Zone: real.com\rhap-app-4-0Trusted Zone: real.com\rhapregDPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]FF - prefs.js: browser.search.selectedEngine - BingFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]..------- Supplementary Scan -------.uStart Page = [You must be registered and logged in to see this link.]Trusted Zone: real.com\rhap-app-4-0Trusted Zone: real.com\rhapregDPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]FF - prefs.js: browser.search.selectedEngine - BingFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

2010-11-13 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]..------- Supplementary Scan -------.uStart Page = [You must be registered and logged in to see this link.]Trusted Zone: real.com\rhap-app-4-0Trusted Zone: real.com\rhapregDPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]FF - prefs.js: browser.search.selectedEngine - BingFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]..------- Supplementary Scan -------.uStart Page = [You must be registered and logged in to see this link.]Trusted Zone: real.com\rhap-app-4-0Trusted Zone: real.com\rhapregDPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]FF - prefs.js: browser.search.selectedEngine - BingFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

2010-11-24 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]..------- Supplementary Scan -------.uStart Page = [You must be registered and logged in to see this link.]Trusted Zone: real.com\rhap-app-4-0Trusted Zone: real.com\rhapregDPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]FF - prefs.js: browser.search.selectedEngine - BingFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

On my anti maleware software, malewarebytes, it still finds a rootkit agent on the quick scan. I alway remove it but as soon as the computer starts up again it is back. When I did one of the scans I was told too, I believe the combo.ex one, my computer beep and it did say it had found my Master Boot to be infected. I have wonder if I did the log correctly for that scan since afterwards I couldn't get on the net and ende up retarting the comp and the scan started again and I took that log, after that I had started saving the logs ahead of time so I can get them back to paste up if I had to restart. Down below I'm pasting my log from the anit malware program, malewarebytes just incase it might help.

2010-12-10 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]..------- Supplementary Scan -------.uStart Page = [You must be registered and logged in to see this link.]Trusted Zone: real.com\rhap-app-4-0Trusted Zone: real.com\rhapregDPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]FF - prefs.js: browser.search.selectedEngine - BingFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]..------- Supplementary Scan -------.uStart Page = [You must be registered and logged in to see this link.]Trusted Zone: real.com\rhap-app-4-0Trusted Zone: real.com\rhapregDPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]FF - prefs.js: browser.search.selectedEngine - BingFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

===========

Please run a free online scan with the [You must be registered and logged in to see this link.]Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and the option Scan unwanted applications is checked

Click Scan (This scan can take several hours, so please be patient)

Once the scan is completed, you may close the window

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Looks like its running good now, its faster thats for sure and nothing is being picked up from my scanner. Thank you very much for your help, I wasn't sure what I was going to be able to do with how that little sucker kept on poping up everytime I would think I had it dealt with.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

The tool will delete itself once it finishes.Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

============

Service Pack upgrade

Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.Go to the Control Panel and enter Add or Remove Programs.Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.Go to the Control Panel and enter Add or Remove Programs.Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

I recommend using [You must be registered and logged in to see this link.] for a anti-malware program.

If you don't have a anti-spyware I recommend to download these free programs to help keep you spyware free:1. [You must be registered and logged in to see this link.]2. [You must be registered and logged in to see this link.]

Please don't download more than one Anti-virus, firewall, or anti-spyware because they will conflict with each other making your computer slow, data loss, and false results so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them as chances are extremely high that you will be infected from them.

2. Cracks/warez/keygens are another conduit of malware and are illegal so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives.[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

4. Always make sure you have the latest [You must be registered and logged in to see this link.].

6. Also there are many holes and flaws in Internet Explorer I recommend using [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] to keep you more safe.

7. Always keep your [You must be registered and logged in to see this link.] and Adobe Reader updated and all older versions removed to keep clear from exploits.

8. Don't fall for Scareware. What is Scareware? A rogue anti-virus on your system that will scare you into buying their fake software due to false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.

Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information on keeping yourself safe please visit [You must be registered and logged in to see this link.]